commit 496e6e1d2a074ab85f434fe2a88a6c0159696419
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/authenticated project.
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485
Change-Id: Id67a939a475c4ac06d546b7e095bd10f1a6d2619
(cherry picked from commit 947315f0903c823b0fdd9d99c60078814587272c)
Reviewed: https:/ /review. opendev. org/712163 /git.openstack. org/cgit/ openstack/ manila/ commit/ ?id=496e6e1d2a0 74ab85f434fe2a8 8a6c0159696419
Committed: https:/
Submitter: Zuul
Branch: stable/train
commit 496e6e1d2a074ab 85f434fe2a88a6c 0159696419
Author: Mohammed Naser <email address hidden>
Date: Fri Jan 31 16:13:24 2020 +0100
share_networks: enable project_only API only
At the moment, the share_network database API which the web
API layer interacts with directly does not have any checking
for project_id which means that a user has the ability to run
operations against any other share_network if they have the ID.
This patch implements the usage of project_only in the database authenticated project.
query which ensures that administrators still have the behaviour
of getting any share network they want, but users can only pull
up those which are part of their context/
This patch also adjusts a few other tests due to the fact that
the existing tests would run a lot of inserts with a different
project_id than the context, which is not allowed in this new
API behaviour. Therefore, the instances that involved projects
different than the context were converted to elevated ones.
There was also an instance where they were being created with a
project_id that did not match the fake context, therefore the
context was adjusted accordingly as well.
Closes-Bug: #1861485 c06d546b7e095bd 10f1a6d2619 b0fdd9d99c60078 814587272c)
Change-Id: Id67a939a475c4a
(cherry picked from commit 947315f0903c823